1. Home
  2. CVE Database
  3. CVE-2010-4302
MEDIUM · 4.9

CVE-2010-4302

/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) adm...

Vulnerability Description

/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010.

CVSS Score

4.9

MEDIUM

AV:L/AC:L/Au:N/C:C/I:N/A:N
Confidentiality
COMPLETE
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CiscoUnified Videoconferencing System 5110 Firmware7.0.1.13.3
CiscoUnified Videoconferencing System 5115 Firmware7.0.1.13.3
CiscoUnified Videoconferencing System 5110All versions
CiscoUnified Videoconferencing System 5115All versions
LinuxLinux KernelAll versions

Related Weaknesses (CWE)

CWE-310

References

FAQ

What is CVE-2010-4302?

CVE-2010-4302 is a vulnerability with a CVSS score of 4.9 (MEDIUM). /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) adm...

How severe is CVE-2010-4302?

CVE-2010-4302 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-4302?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Videoconferencing System 5110 Firmware, Cisco Unified Videoconferencing System 5115 Firmware, Cisco Unified Videoconferencing System 5110, Cisco Unified Videoconferencing System 5115, Linux Linux Kernel.